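/*
 * Copyright (C) 2010 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package libcore.javax.net.ssl;

import static java.nio.charset.StandardCharsets.UTF_8;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.util.Arrays;
import java.util.concurrent.Callable;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509ExtendedKeyManager;
import junit.framework.TestCase;
import libcore.java.security.StandardNames;
import libcore.java.security.TestKeyStore;

public class SSLEngineTest extends TestCase {

    /** Asserts that the client and server engines of {@code e} are connected. */
    public void assertConnected(TestSSLEnginePair e) {
        assertConnected(e.client, e.server);
    }

    /** Asserts that the client and server engines of {@code e} are not connected. */
    public void assertNotConnected(TestSSLEnginePair e) {
        assertNotConnected(e.client, e.server);
    }

    /** Asserts that {@link #connected(SSLEngine, SSLEngine)} holds for the two engines. */
    public void assertConnected(SSLEngine a, SSLEngine b) {
        assertTrue(connected(a, b));
    }

    /** Asserts that {@link #connected(SSLEngine, SSLEngine)} does not hold for the two engines. */
    public void assertNotConnected(SSLEngine a, SSLEngine b) {
        assertFalse(connected(a, b));
    }

    /**
     * Returns true when both engines report {@code NOT_HANDSHAKING}, both have a non-null
     * session, and neither engine has closed its inbound or outbound side.
     *
     * <p>NOTE(review): the predicate does not look at the negotiated cipher suite or at
     * session validity, and an engine that never started a handshake may also report
     * {@code NOT_HANDSHAKING} - confirm that every caller drives a handshake first, otherwise
     * {@link #assertNotConnected(SSLEngine, SSLEngine)} can miss a failure.
     */
    public boolean connected(SSLEngine a, SSLEngine b) {
        return (a.getHandshakeStatus() == HandshakeStatus.NOT_HANDSHAKING
                && b.getHandshakeStatus() == HandshakeStatus.NOT_HANDSHAKING
                && a.getSession() != null
                && b.getSession() != null
                && !a.isInboundDone()
                && !b.isInboundDone()
                && !a.isOutboundDone()
                && !b.isOutboundDone());
    }

    public void test_SSLEngine_defaultConfiguration() throws Exception {
        TestSSLContext c = TestSSLContext.create();
        try {
            SSLConfigurationAsserts.assertSSLEngineDefaultConfiguration(
                    c.clientContext.createSSLEngine());
        } finally {
            // Release the context even when the configuration assertions fail.
            c.close();
        }
    }

    public void test_SSLEngine_getSupportedCipherSuites_returnsCopies() throws Exception {
        TestSSLContext c = TestSSLContext.create();
        try {
            SSLEngine e = c.clientContext.createSSLEngine();
            // Two calls must not hand out the same array, so a caller cannot modify the
            // array another caller received.
            assertNotSame(e.getSupportedCipherSuites(), e.getSupportedCipherSuites());
        } finally {
            c.close();
        }
    }

    public void test_SSLEngine_getSupportedCipherSuites_connect() throws Exception {
        // note the rare usage of non-RSA keys
        TestKeyStore testKeyStore = new TestKeyStore.Builder()
                .keyAlgorithms("RSA", "DSA", "EC", "EC_RSA")
                .aliasPrefix("rsa-dsa-ec")
                .ca(true)
                .build();
        test_SSLEngine_getSupportedCipherSuites_connect(testKeyStore, false);
        test_SSLEngine_getSupportedCipherSuites_connect(testKeyStore, true);
    }

    // http://b/18554122
    public void test_SSLEngine_underflowsOnEmptyBuffersDuringHandshake() throws Exception {
        final SSLEngine sslEngine = SSLContext.getDefault().createSSLEngine();
        sslEngine.setUseClientMode(false);
        ByteBuffer input = ByteBuffer.allocate(1024);
        // Flipping a freshly allocated buffer leaves it with nothing to read.
        input.flip();
        ByteBuffer output = ByteBuffer.allocate(1024);
        sslEngine.beginHandshake();
        assertEquals(SSLEngineResult.HandshakeStatus.NEED_UNWRAP, sslEngine.getHandshakeStatus());
        SSLEngineResult result = sslEngine.unwrap(input, output);
        assertEquals(SSLEngineResult.Status.BUFFER_UNDERFLOW, result.getStatus());
        assertEquals(SSLEngineResult.HandshakeStatus.NEED_UNWRAP, result.getHandshakeStatus());
    }

    // http://b/18554122
    public void test_SSLEngine_underflowsOnEmptyBuffersAfterHandshake() throws Exception {
        // Note that create performs the handshake.
        final TestSSLEnginePair engines = TestSSLEnginePair.create(null /* hooks */);
        try {
            ByteBuffer input = ByteBuffer.allocate(1024);
            // Flipping a freshly allocated buffer leaves it with nothing to read.
            input.flip();
            ByteBuffer output = ByteBuffer.allocate(1024);
            assertEquals(SSLEngineResult.Status.BUFFER_UNDERFLOW,
                    engines.client.unwrap(input, output).getStatus());
        } finally {
            engines.close();
        }
    }

    /**
     * For every supported cipher suite that is not skipped below, checks that
     * <ol>
     * <li>a client and a server restricted to that suite complete a handshake and can
     *     exchange application data in both directions, and</li>
     * <li>for suites where the server is authenticated with a public key, the handshake does
     *     not succeed when the server's key manager returns a private key that does not
     *     match its certificate.</li>
     * </ol>
     *
     * @param testKeyStore key store used to build both the working and the wrong-key context
     * @param secureRenegotiation whether to enable
     *     {@code StandardNames.CIPHER_SUITE_SECURE_RENEGOTIATION} next to each tested suite
     * @throws Exception listing every cipher suite whose run threw an exception
     */
    private void test_SSLEngine_getSupportedCipherSuites_connect(TestKeyStore testKeyStore,
            boolean secureRenegotiation) throws Exception {
        // The same PSK key manager, returning one fixed test key, is passed for both
        // additional-key-manager arguments so that PSK suites can complete a handshake.
        KeyManager pskKeyManager = PSKKeyManagerProxy.getConscryptPSKKeyManager(
                new PSKKeyManagerProxy() {
            @Override
            protected SecretKey getKey(String identityHint, String identity, SSLEngine engine) {
                return new SecretKeySpec("Just an arbitrary key".getBytes(UTF_8), "RAW");
            }
        });
        TestSSLContext c = TestSSLContext.createWithAdditionalKeyManagers(
                testKeyStore, testKeyStore,
                new KeyManager[] {pskKeyManager}, new KeyManager[] {pskKeyManager});
        TestSSLContext cWithWrongPrivateKeys = null;
        try {
            cWithWrongPrivateKeys = newContextWithWrongPrivateKeys(c, testKeyStore);

            // To catch all the errors. Only exceptions are collected; a JUnit assertion
            // failure is an Error and ends the loop at the first failing suite.
            StringBuilder error = new StringBuilder();

            String[] cipherSuites = c.clientContext.createSSLEngine().getSupportedCipherSuites();
            for (String cipherSuite : cipherSuites) {
                try {
                    // Skip cipher suites that are obsoleted.
                    if (StandardNames.IS_RI && "TLSv1.2".equals(c.clientContext.getProtocol())
                            && StandardNames.CIPHER_SUITES_OBSOLETE_TLS12.contains(cipherSuite)) {
                        continue;
                    }
                    /*
                     * Signaling Cipher Suite Values (SCSV) cannot be used on their own, but
                     * instead in conjunction with other cipher suites.
                     */
                    if (cipherSuite.equals(StandardNames.CIPHER_SUITE_SECURE_RENEGOTIATION)
                            || cipherSuite.equals(StandardNames.CIPHER_SUITE_FALLBACK)) {
                        continue;
                    }
                    /*
                     * Kerberos cipher suites require external setup. See "Kerberos Requirements" in
                     * https://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html
                     * #KRBRequire
                     */
                    if (cipherSuite.startsWith("TLS_KRB5_")) {
                        continue;
                    }

                    final String[] cipherSuiteArray
                            = (secureRenegotiation
                               ? new String[] { cipherSuite,
                                                StandardNames.CIPHER_SUITE_SECURE_RENEGOTIATION }
                               : new String[] { cipherSuite });

                    // Check that handshake succeeds.
                    TestSSLEnginePair pair = null;
                    try {
                        pair = TestSSLEnginePair.create(c, new TestSSLEnginePair.Hooks() {
                            @Override
                            void beforeBeginHandshake(SSLEngine client, SSLEngine server) {
                                client.setEnabledCipherSuites(cipherSuiteArray);
                                server.setEnabledCipherSuites(cipherSuiteArray);
                            }
                        });
                        assertConnected(pair);

                        // For CBC suites on a "TLS" context the sender is expected to emit a
                        // first record carrying a single byte (asserted in
                        // assertSendsCorrectly). This looks like the 1/n-1 record split used
                        // against CBC IV-chaining attacks; confirm against the provider.
                        boolean needsRecordSplit =
                                "TLS".equalsIgnoreCase(c.clientContext.getProtocol())
                                && cipherSuite.contains("_CBC_");

                        assertSendsCorrectly("This is the client. Hello!".getBytes(UTF_8),
                                pair.client, pair.server, needsRecordSplit);
                        assertSendsCorrectly("This is the server. Hi!".getBytes(UTF_8),
                                pair.server, pair.client, needsRecordSplit);
                    } finally {
                        if (pair != null) {
                            pair.close();
                        }
                    }

                    // Check that handshake fails when the server does not possess the private key
                    // corresponding to the server's certificate. This is achieved by using SSLContext
                    // cWithWrongPrivateKeys whose KeyManager returns wrong private keys that match
                    // the algorithm (and parameters) of the correct keys.
                    // Anonymous and PSK suites are excluded because the suite name shows that
                    // they do not authenticate the server with a certificate key.
                    boolean serverAuthenticatedUsingPublicKey = true;
                    if (cipherSuite.contains("_anon_")) {
                        serverAuthenticatedUsingPublicKey = false;
                    } else if ((cipherSuite.startsWith("TLS_PSK_"))
                            || (cipherSuite.startsWith("TLS_ECDHE_PSK_"))) {
                        serverAuthenticatedUsingPublicKey = false;
                    }
                    if (serverAuthenticatedUsingPublicKey) {
                        TestSSLEnginePair p = null;
                        try {
                            p = TestSSLEnginePair.create(
                                    cWithWrongPrivateKeys, new TestSSLEnginePair.Hooks() {
                                @Override
                                void beforeBeginHandshake(SSLEngine client, SSLEngine server) {
                                    client.setEnabledCipherSuites(cipherSuiteArray);
                                    server.setEnabledCipherSuites(cipherSuiteArray);
                                }
                            });
                            assertNotConnected(p);
                        } catch (IOException expected) {
                            // The handshake is supposed to fail here.
                            // NOTE(review): any IOException satisfies this branch, so an
                            // unrelated I/O error would also count as a failed handshake;
                            // consider checking for an SSLException subtype.
                        } finally {
                            if (p != null) {
                                p.close();
                            }
                        }
                    }
                } catch (Exception e) {
                    String message = ("Problem trying to connect cipher suite " + cipherSuite);
                    System.out.println(message);
                    e.printStackTrace();
                    error.append(message);
                    error.append('\n');
                }
            }

            if (error.length() > 0) {
                throw new Exception("One or more problems in "
                        + "test_SSLEngine_getSupportedCipherSuites_connect:\n" + error);
            }
        } finally {
            // Both contexts are released on every exit path, including assertion failures.
            if (cWithWrongPrivateKeys != null) {
                cWithWrongPrivateKeys.close();
            }
            c.close();
        }
    }

    /**
     * Creates a TestSSLContext where the KeyManager returns wrong (randomly generated) private
     * keys, matching the algorithm and parameters of the correct keys.
     *
     * <p>I couldn't find a more elegant way to achieve this other than temporarily replacing
     * the first X509ExtendedKeyManager element of TestKeyStore.keyManagers while invoking
     * TestSSLContext.create. The original element is put back in a {@code finally} block so
     * that a failure in {@code create} cannot leave the shared key store handing out wrong
     * keys to later users.
     */
    private TestSSLContext newContextWithWrongPrivateKeys(TestSSLContext c,
            TestKeyStore testKeyStore) throws Exception {
        // Create a RandomPrivateKeyX509ExtendedKeyManager based on the first
        // X509ExtendedKeyManager in c.serverKeyManagers.
        KeyManager randomPrivateKeyX509ExtendedKeyManager = null;
        for (KeyManager keyManager : c.serverKeyManagers) {
            if (keyManager instanceof X509ExtendedKeyManager) {
                randomPrivateKeyX509ExtendedKeyManager =
                        new RandomPrivateKeyX509ExtendedKeyManager(
                                (X509ExtendedKeyManager) keyManager);
                break;
            }
        }
        if (randomPrivateKeyX509ExtendedKeyManager == null) {
            fail("No X509ExtendedKeyManager in c.serverKeyManagers");
        }

        // Find the first X509ExtendedKeyManager in testKeyStore.keyManagers
        int replaceIndex = -1;
        for (int i = 0; i < testKeyStore.keyManagers.length; i++) {
            KeyManager keyManager = testKeyStore.keyManagers[i];
            if (keyManager instanceof X509ExtendedKeyManager) {
                replaceIndex = i;
                break;
            }
        }
        if (replaceIndex == -1) {
            fail("No X509ExtendedKeyManager in testKeyStore.keyManagers");
        }

        // Temporarily substitute the RandomPrivateKeyX509ExtendedKeyManager in place of the
        // original X509ExtendedKeyManager.
        KeyManager originalKeyManager = testKeyStore.keyManagers[replaceIndex];
        testKeyStore.keyManagers[replaceIndex] = randomPrivateKeyX509ExtendedKeyManager;
        try {
            return TestSSLContext.create(testKeyStore, testKeyStore);
        } finally {
            testKeyStore.keyManagers[replaceIndex] = originalKeyManager;
        }
    }

    /**
     * Wraps {@code sourceBytes} on {@code source}, unwraps the result on {@code dest} and
     * asserts that the same bytes arrive.
     *
     * @param sourceBytes application data to send
     * @param source engine that encrypts the data
     * @param dest engine that decrypts the data
     * @param needsRecordSplit when true, the first unwrap must yield exactly one byte and two
     *     unwrap calls are expected in total; when false, exactly one unwrap call is expected
     * @throws SSLException if wrapping or unwrapping fails
     */
    private static void assertSendsCorrectly(final byte[] sourceBytes, SSLEngine source,
            SSLEngine dest, boolean needsRecordSplit) throws SSLException {
        ByteBuffer sourceOut = ByteBuffer.wrap(sourceBytes);
        SSLSession sourceSession = source.getSession();
        ByteBuffer sourceToDest = ByteBuffer.allocate(sourceSession.getPacketBufferSize());
        SSLEngineResult sourceOutRes = source.wrap(sourceOut, sourceToDest);
        sourceToDest.flip();

        // The cipher suite name is used as the assertion message to identify a failing suite.
        String sourceCipherSuite = source.getSession().getCipherSuite();
        assertEquals(sourceCipherSuite, sourceBytes.length, sourceOutRes.bytesConsumed());
        assertEquals(sourceCipherSuite, HandshakeStatus.NOT_HANDSHAKING,
                sourceOutRes.getHandshakeStatus());

        SSLSession destSession = dest.getSession();
        ByteBuffer destIn = ByteBuffer.allocate(destSession.getApplicationBufferSize());

        int numUnwrapCalls = 0;
        while (destIn.position() != sourceOut.limit()) {
            SSLEngineResult destRes = dest.unwrap(sourceToDest, destIn);
            assertEquals(sourceCipherSuite, HandshakeStatus.NOT_HANDSHAKING,
                    destRes.getHandshakeStatus());
            // Without this check an unwrap that neither consumes nor produces anything
            // would keep the loop spinning instead of failing the test.
            if (destRes.bytesConsumed() == 0 && destRes.bytesProduced() == 0) {
                fail(sourceCipherSuite + ": unwrap made no progress, status "
                        + destRes.getStatus());
            }
            if (needsRecordSplit && numUnwrapCalls == 0) {
                assertEquals(sourceCipherSuite, 1, destRes.bytesProduced());
            }
            numUnwrapCalls++;
        }

        destIn.flip();
        byte[] actual = new byte[destIn.remaining()];
        destIn.get(actual);
        assertEquals(sourceCipherSuite, Arrays.toString(sourceBytes), Arrays.toString(actual));

        if (needsRecordSplit) {
            assertEquals(sourceCipherSuite, 2, numUnwrapCalls);
        } else {
            assertEquals(sourceCipherSuite, 1, numUnwrapCalls);
        }
    }

    public void test_SSLEngine_getEnabledCipherSuites_returnsCopies() throws Exception {
        TestSSLContext c = TestSSLContext.create();
        try {
            SSLEngine e = c.clientContext.createSSLEngine();
            assertNotSame(e.getEnabledCipherSuites(), e.getEnabledCipherSuites());
        } finally {
            c.close();
        }
    }

    public void test_SSLEngine_setEnabledCipherSuites_storesCopy() throws Exception {
        TestSSLContext c = TestSSLContext.create();
        try {
            SSLEngine e = c.clientContext.createSSLEngine();
            String[] array = new String[] {e.getEnabledCipherSuites()[0]};
            String originalFirstElement = array[0];
            e.setEnabledCipherSuites(array);
            // Changing the caller's array afterwards must not change the engine's
            // enabled cipher suites.
            array[0] = "Modified after having been set";
            assertEquals(originalFirstElement, e.getEnabledCipherSuites()[0]);
        } finally {
            c.close();
        }
    }

    public void test_SSLEngine_setEnabledCipherSuites() throws Exception {
        TestSSLContext c = TestSSLContext.create();
        try {
            SSLEngine e = c.clientContext.createSSLEngine();

            // null, an array holding a null element, and an unknown suite name must each
            // be rejected.
            try {
                e.setEnabledCipherSuites(null);
                fail();
            } catch (IllegalArgumentException expected) {
            }
            try {
                e.setEnabledCipherSuites(new String[1]);
                fail();
            } catch (IllegalArgumentException expected) {
            }
            try {
                e.setEnabledCipherSuites(new String[] { "Bogus" } );
                fail();
            } catch (IllegalArgumentException expected) {
            }

            e.setEnabledCipherSuites(new String[0]);
            e.setEnabledCipherSuites(e.getEnabledCipherSuites());
            e.setEnabledCipherSuites(e.getSupportedCipherSuites());

            // Check that setEnabledCipherSuites affects getEnabledCipherSuites
            String[] cipherSuites = new String[] { e.getSupportedCipherSuites()[0] };
            e.setEnabledCipherSuites(cipherSuites);
            assertEquals(Arrays.asList(cipherSuites), Arrays.asList(e.getEnabledCipherSuites()));
        } finally {
            c.close();
        }
    }

    public void test_SSLEngine_getSupportedProtocols_returnsCopies() throws Exception {
        TestSSLContext c = TestSSLContext.create();
        try {
            SSLEngine e = c.clientContext.createSSLEngine();
            assertNotSame(e.getSupportedProtocols(), e.getSupportedProtocols());
        } finally {
            c.close();
        }
    }

    public void test_SSLEngine_getEnabledProtocols_returnsCopies() throws Exception {
        TestSSLContext c = TestSSLContext.create();
        try {
            SSLEngine e = c.clientContext.createSSLEngine();
            assertNotSame(e.getEnabledProtocols(), e.getEnabledProtocols());
        } finally {
            c.close();
        }
    }

    public void test_SSLEngine_setEnabledProtocols_storesCopy() throws Exception {
        TestSSLContext c = TestSSLContext.create();
        try {
            SSLEngine e = c.clientContext.createSSLEngine();
            String[] array = new String[] {e.getEnabledProtocols()[0]};
            String originalFirstElement = array[0];
            e.setEnabledProtocols(array);
            // Changing the caller's array afterwards must not change the engine's
            // enabled protocols.
            array[0] = "Modified after having been set";
            assertEquals(originalFirstElement, e.getEnabledProtocols()[0]);
        } finally {
            c.close();
        }
    }

    public void test_SSLEngine_setEnabledProtocols() throws Exception {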
3970c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom TestSSLContext c = TestSSLContext.create(); 398059dbc04218144f985b20a228bbe98139d400d0cBrian Carlstrom SSLEngine e = c.clientContext.createSSLEngine(); 3990c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom 4000c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom try { 4010c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom e.setEnabledProtocols(null); 4020c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom fail(); 4030c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom } catch (IllegalArgumentException expected) { 4040c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom } 4050c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom try { 4060c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom e.setEnabledProtocols(new String[1]); 4070c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom fail(); 4080c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom } catch (IllegalArgumentException expected) { 4090c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom } 4100c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom try { 4110c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom e.setEnabledProtocols(new String[] { "Bogus" } ); 4120c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom fail(); 4130c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom } catch (IllegalArgumentException expected) { 4140c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom } 4150c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom e.setEnabledProtocols(new String[0]); 4160c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom e.setEnabledProtocols(e.getEnabledProtocols()); 4170c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom e.setEnabledProtocols(e.getSupportedProtocols()); 418358552b505a8985ec9ed3691d0a6d590b60d620fAlex Klyubin 419358552b505a8985ec9ed3691d0a6d590b60d620fAlex Klyubin // Check that setEnabledProtocols affects getEnabledProtocols 4203ad1704dc8e4653f4ceaeb5d8315ddb28318a1bbKenny Root 
for (String protocol : e.getSupportedProtocols()) { 4213ad1704dc8e4653f4ceaeb5d8315ddb28318a1bbKenny Root if ("SSLv2Hello".equals(protocol)) { 4223ad1704dc8e4653f4ceaeb5d8315ddb28318a1bbKenny Root try { 4233ad1704dc8e4653f4ceaeb5d8315ddb28318a1bbKenny Root e.setEnabledProtocols(new String[] { protocol }); 4243ad1704dc8e4653f4ceaeb5d8315ddb28318a1bbKenny Root fail("Should fail when SSLv2Hello is set by itself"); 4253ad1704dc8e4653f4ceaeb5d8315ddb28318a1bbKenny Root } catch (IllegalArgumentException expected) {} 4263ad1704dc8e4653f4ceaeb5d8315ddb28318a1bbKenny Root } else { 4273ad1704dc8e4653f4ceaeb5d8315ddb28318a1bbKenny Root String[] protocols = new String[] { protocol }; 4283ad1704dc8e4653f4ceaeb5d8315ddb28318a1bbKenny Root e.setEnabledProtocols(protocols); 4293ad1704dc8e4653f4ceaeb5d8315ddb28318a1bbKenny Root assertEquals(Arrays.deepToString(protocols), 4303ad1704dc8e4653f4ceaeb5d8315ddb28318a1bbKenny Root Arrays.deepToString(e.getEnabledProtocols())); 4313ad1704dc8e4653f4ceaeb5d8315ddb28318a1bbKenny Root } 4323ad1704dc8e4653f4ceaeb5d8315ddb28318a1bbKenny Root } 433358552b505a8985ec9ed3691d0a6d590b60d620fAlex Klyubin 434f7aab022dcbfcd8f27b409ab92b4bca4a84d0b8aBrian Carlstrom c.close(); 4350c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom } 4360c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom 4370c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom public void test_SSLEngine_getSession() throws Exception { 4380c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom TestSSLContext c = TestSSLContext.create(); 439059dbc04218144f985b20a228bbe98139d400d0cBrian Carlstrom SSLEngine e = c.clientContext.createSSLEngine(); 4400c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom SSLSession session = e.getSession(); 4410c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom assertNotNull(session); 4420c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom assertFalse(session.isValid()); 443f7aab022dcbfcd8f27b409ab92b4bca4a84d0b8aBrian Carlstrom c.close(); 
4440c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom } 4450c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom 4460c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom public void test_SSLEngine_beginHandshake() throws Exception { 4470c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom TestSSLContext c = TestSSLContext.create(); 4480c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom 4490c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom try { 450059dbc04218144f985b20a228bbe98139d400d0cBrian Carlstrom c.clientContext.createSSLEngine().beginHandshake(); 4510c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom fail(); 4520c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom } catch (IllegalStateException expected) { 4530c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom } 4547c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro c.close(); 4550c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom 4567c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro TestSSLEnginePair p = TestSSLEnginePair.create(null); 4577c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro assertConnected(p); 4587c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro p.close(); 459f7aab022dcbfcd8f27b409ab92b4bca4a84d0b8aBrian Carlstrom 4600c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom } 4610c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom 4620c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom public void test_SSLEngine_beginHandshake_noKeyStore() throws Exception { 4636882e31b7ce2d04ebbc91c7a55d7840e8fdce8a5Brian Carlstrom TestSSLContext c = TestSSLContext.create(null, null, null, null, null, null, null, null, 4646882e31b7ce2d04ebbc91c7a55d7840e8fdce8a5Brian Carlstrom SSLContext.getDefault(), SSLContext.getDefault()); 4657c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro SSLEngine[] p = null; 4660c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom try { 4670c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom // TODO Fix KnownFailure AlertException "NO 
SERVER CERTIFICATE FOUND" 4680c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom // ServerHandshakeImpl.selectSuite should not select a suite without a required cert 4697c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro p = TestSSLEnginePair.connect(c, null); 4700c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom fail(); 4710c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom } catch (SSLHandshakeException expected) { 4727c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro } finally { 4737c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro if (p != null) { 4747c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro TestSSLEnginePair.close(p); 4757c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro } 4760c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom } 477f7aab022dcbfcd8f27b409ab92b4bca4a84d0b8aBrian Carlstrom c.close(); 4780c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom } 4790c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom 4800c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom public void test_SSLEngine_beginHandshake_noClientCertificate() throws Exception { 481059dbc04218144f985b20a228bbe98139d400d0cBrian Carlstrom TestSSLContext c = TestSSLContext.create(); 482059dbc04218144f985b20a228bbe98139d400d0cBrian Carlstrom SSLEngine[] engines = TestSSLEnginePair.connect(c, null); 4830c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom assertConnected(engines[0], engines[1]); 484f7aab022dcbfcd8f27b409ab92b4bca4a84d0b8aBrian Carlstrom c.close(); 4857c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro TestSSLEnginePair.close(engines); 4860c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom } 4870c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom 4880c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom public void test_SSLEngine_getUseClientMode() throws Exception { 4890c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom TestSSLContext c = TestSSLContext.create(); 490059dbc04218144f985b20a228bbe98139d400d0cBrian Carlstrom 
assertFalse(c.clientContext.createSSLEngine().getUseClientMode()); 491059dbc04218144f985b20a228bbe98139d400d0cBrian Carlstrom assertFalse(c.clientContext.createSSLEngine(null, -1).getUseClientMode()); 492f7aab022dcbfcd8f27b409ab92b4bca4a84d0b8aBrian Carlstrom c.close(); 4930c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom } 4940c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom 4950c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom public void test_SSLEngine_setUseClientMode() throws Exception { 496727df1258e3b8386afea4778626c9ab16ef467d6Kenny Root boolean[] finished; 4977c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro TestSSLEnginePair p = null; 498727df1258e3b8386afea4778626c9ab16ef467d6Kenny Root 4990c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom // client is client, server is server 500727df1258e3b8386afea4778626c9ab16ef467d6Kenny Root finished = new boolean[2]; 5017c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro p = test_SSLEngine_setUseClientMode(true, false, finished); 5027c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro assertConnected(p); 503727df1258e3b8386afea4778626c9ab16ef467d6Kenny Root assertTrue(finished[0]); 504727df1258e3b8386afea4778626c9ab16ef467d6Kenny Root assertTrue(finished[1]); 5057c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro p.close(); 5060c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom 5070c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom // client is server, server is client 508727df1258e3b8386afea4778626c9ab16ef467d6Kenny Root finished = new boolean[2]; 5097c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro p = test_SSLEngine_setUseClientMode(false, true, finished); 5107c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro assertConnected(p); 511727df1258e3b8386afea4778626c9ab16ef467d6Kenny Root assertTrue(finished[0]); 512727df1258e3b8386afea4778626c9ab16ef467d6Kenny Root assertTrue(finished[1]); 5137c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro p.close(); 
5140c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom 5150c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom // both are client 516727df1258e3b8386afea4778626c9ab16ef467d6Kenny Root /* 517727df1258e3b8386afea4778626c9ab16ef467d6Kenny Root * Our implementation throws an SSLHandshakeException, but RI just 518727df1258e3b8386afea4778626c9ab16ef467d6Kenny Root * stalls forever 519727df1258e3b8386afea4778626c9ab16ef467d6Kenny Root */ 5207c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro p = null; 521727df1258e3b8386afea4778626c9ab16ef467d6Kenny Root try { 5227c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro p = test_SSLEngine_setUseClientMode(true, true, null); 5237c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro assertNotConnected(p); 524727df1258e3b8386afea4778626c9ab16ef467d6Kenny Root assertTrue(StandardNames.IS_RI); 525727df1258e3b8386afea4778626c9ab16ef467d6Kenny Root } catch (SSLHandshakeException maybeExpected) { 526727df1258e3b8386afea4778626c9ab16ef467d6Kenny Root assertFalse(StandardNames.IS_RI); 5277c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro } finally { 5287c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro if (p != null) { 5297c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro p.close(); 5307c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro } 5317c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro 532727df1258e3b8386afea4778626c9ab16ef467d6Kenny Root } 5330c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom 5347c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro p = test_SSLEngine_setUseClientMode(false, false, null); 5350c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom // both are server 5367c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro assertNotConnected(p); 5377c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro p.close(); 5380c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom } 5390c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom 5405f2e6872311240319509aed64d9f58cd5b64719bBrian Carlstrom public void 
test_SSLEngine_setUseClientMode_afterHandshake() throws Exception { 5415f2e6872311240319509aed64d9f58cd5b64719bBrian Carlstrom 5425f2e6872311240319509aed64d9f58cd5b64719bBrian Carlstrom // can't set after handshake 5435f2e6872311240319509aed64d9f58cd5b64719bBrian Carlstrom TestSSLEnginePair pair = TestSSLEnginePair.create(null); 5445f2e6872311240319509aed64d9f58cd5b64719bBrian Carlstrom try { 5455f2e6872311240319509aed64d9f58cd5b64719bBrian Carlstrom pair.server.setUseClientMode(false); 5465f2e6872311240319509aed64d9f58cd5b64719bBrian Carlstrom fail(); 5475f2e6872311240319509aed64d9f58cd5b64719bBrian Carlstrom } catch (IllegalArgumentException expected) { 5485f2e6872311240319509aed64d9f58cd5b64719bBrian Carlstrom } 5495f2e6872311240319509aed64d9f58cd5b64719bBrian Carlstrom try { 5505f2e6872311240319509aed64d9f58cd5b64719bBrian Carlstrom pair.client.setUseClientMode(false); 5515f2e6872311240319509aed64d9f58cd5b64719bBrian Carlstrom fail(); 5525f2e6872311240319509aed64d9f58cd5b64719bBrian Carlstrom } catch (IllegalArgumentException expected) { 5535f2e6872311240319509aed64d9f58cd5b64719bBrian Carlstrom } 5547c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro pair.close(); 5555f2e6872311240319509aed64d9f58cd5b64719bBrian Carlstrom } 5565f2e6872311240319509aed64d9f58cd5b64719bBrian Carlstrom 5570c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom private TestSSLEnginePair test_SSLEngine_setUseClientMode(final boolean clientClientMode, 558727df1258e3b8386afea4778626c9ab16ef467d6Kenny Root final boolean serverClientMode, 559727df1258e3b8386afea4778626c9ab16ef467d6Kenny Root final boolean[] finished) 5600c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom throws Exception { 561059dbc04218144f985b20a228bbe98139d400d0cBrian Carlstrom TestSSLContext c; 562059dbc04218144f985b20a228bbe98139d400d0cBrian Carlstrom if (!clientClientMode && serverClientMode) { 563059dbc04218144f985b20a228bbe98139d400d0cBrian Carlstrom c = TestSSLContext.create(TestKeyStore.getServer(), 
TestKeyStore.getClient()); 564059dbc04218144f985b20a228bbe98139d400d0cBrian Carlstrom } else { 565059dbc04218144f985b20a228bbe98139d400d0cBrian Carlstrom c = TestSSLContext.create(); 566059dbc04218144f985b20a228bbe98139d400d0cBrian Carlstrom } 567059dbc04218144f985b20a228bbe98139d400d0cBrian Carlstrom 568059dbc04218144f985b20a228bbe98139d400d0cBrian Carlstrom return TestSSLEnginePair.create(c, new TestSSLEnginePair.Hooks() { 5690c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom @Override 5700c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom void beforeBeginHandshake(SSLEngine client, SSLEngine server) { 5710c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom client.setUseClientMode(clientClientMode); 5720c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom server.setUseClientMode(serverClientMode); 5730c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom } 574727df1258e3b8386afea4778626c9ab16ef467d6Kenny Root }, finished); 5750c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom } 5760c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom 5770c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom public void test_SSLEngine_clientAuth() throws Exception { 5780c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom TestSSLContext c = TestSSLContext.create(); 579059dbc04218144f985b20a228bbe98139d400d0cBrian Carlstrom SSLEngine e = c.clientContext.createSSLEngine(); 5800c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom 5810c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom assertFalse(e.getWantClientAuth()); 5820c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom assertFalse(e.getNeedClientAuth()); 5830c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom 5840c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom // confirm turning one on by itself 5850c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom e.setWantClientAuth(true); 5860c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom assertTrue(e.getWantClientAuth()); 
5870c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom assertFalse(e.getNeedClientAuth()); 5880c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom 5890c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom // confirm turning setting on toggles the other 5900c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom e.setNeedClientAuth(true); 5910c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom assertFalse(e.getWantClientAuth()); 5920c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom assertTrue(e.getNeedClientAuth()); 5930c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom 5940c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom // confirm toggling back 5950c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom e.setWantClientAuth(true); 5960c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom assertTrue(e.getWantClientAuth()); 5970c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom assertFalse(e.getNeedClientAuth()); 5980c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom 5990c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom // TODO Fix KnownFailure "init - invalid private key" 600059dbc04218144f985b20a228bbe98139d400d0cBrian Carlstrom TestSSLContext clientAuthContext 601059dbc04218144f985b20a228bbe98139d400d0cBrian Carlstrom = TestSSLContext.create(TestKeyStore.getClientCertificate(), 602059dbc04218144f985b20a228bbe98139d400d0cBrian Carlstrom TestKeyStore.getServer()); 603059dbc04218144f985b20a228bbe98139d400d0cBrian Carlstrom TestSSLEnginePair p = TestSSLEnginePair.create(clientAuthContext, 604059dbc04218144f985b20a228bbe98139d400d0cBrian Carlstrom new TestSSLEnginePair.Hooks() { 6050c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom @Override 606059dbc04218144f985b20a228bbe98139d400d0cBrian Carlstrom void beforeBeginHandshake(SSLEngine client, SSLEngine server) { 6070c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom server.setWantClientAuth(true); 6080c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom } 
6090c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom }); 6100c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom assertConnected(p); 6110c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom assertNotNull(p.client.getSession().getLocalCertificates()); 612059dbc04218144f985b20a228bbe98139d400d0cBrian Carlstrom TestKeyStore.assertChainLength(p.client.getSession().getLocalCertificates()); 613059dbc04218144f985b20a228bbe98139d400d0cBrian Carlstrom TestSSLContext.assertClientCertificateChain(clientAuthContext.clientTrustManager, 614059dbc04218144f985b20a228bbe98139d400d0cBrian Carlstrom p.client.getSession().getLocalCertificates()); 615f7aab022dcbfcd8f27b409ab92b4bca4a84d0b8aBrian Carlstrom clientAuthContext.close(); 616f7aab022dcbfcd8f27b409ab92b4bca4a84d0b8aBrian Carlstrom c.close(); 6177c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro p.close(); 6180c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom } 6190c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom 6207c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins /** 6217c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins * http://code.google.com/p/android/issues/detail?id=31903 6227c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins * This test case directly tests the fix for the issue. 
6237c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins */ 6247c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins public void test_SSLEngine_clientAuthWantedNoClientCert() throws Exception { 6257c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins TestSSLContext clientAuthContext 6267c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins = TestSSLContext.create(TestKeyStore.getClient(), 6277c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins TestKeyStore.getServer()); 6287c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins TestSSLEnginePair p = TestSSLEnginePair.create(clientAuthContext, 6297c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins new TestSSLEnginePair.Hooks() { 6307c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins @Override 6317c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins void beforeBeginHandshake(SSLEngine client, SSLEngine server) { 6327c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins server.setWantClientAuth(true); 6337c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins } 6347c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins }); 6357c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins assertConnected(p); 6367c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins clientAuthContext.close(); 6377c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro p.close(); 6387c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins } 6397c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins 6407c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins /** 6417c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins * http://code.google.com/p/android/issues/detail?id=31903 6427c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins * This test case verifies that if the server requires a client cert 6437c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins * (setNeedClientAuth) but the client does not provide one SSL connection 6447c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins * establishment will fail 6457c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins */ 6467c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins public void 
test_SSLEngine_clientAuthNeededNoClientCert() throws Exception { 6477c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins boolean handshakeExceptionCaught = false; 6487c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins TestSSLContext clientAuthContext 6497c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins = TestSSLContext.create(TestKeyStore.getClient(), 6507c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins TestKeyStore.getServer()); 6517c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro TestSSLEnginePair p = null; 6527c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins try { 6537c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro p = TestSSLEnginePair.create(clientAuthContext, 6547c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins new TestSSLEnginePair.Hooks() { 6557c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins @Override 6567c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins void beforeBeginHandshake(SSLEngine client, SSLEngine server) { 6577c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins server.setNeedClientAuth(true); 6587c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins } 6597c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins }); 6607c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins fail(); 6617c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins } catch (SSLHandshakeException expected) { 6627c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins } finally { 6637c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins clientAuthContext.close(); 6647c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro if (p != null) { 6657c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro p.close(); 6667c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro } 6677c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins } 6687c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins } 6697c935d4e4ca990334200cf5eb4fbcfac718c6b45gcollins 67001b7734160977458d44d1fb179984fd91672f08dKenny Root public void test_SSLEngine_endpointVerification_Success() throws Exception { 67101b7734160977458d44d1fb179984fd91672f08dKenny Root TestSSLContext c = 
TestSSLContext.create(); 67201b7734160977458d44d1fb179984fd91672f08dKenny Root TestSSLEnginePair p = TestSSLEnginePair.create(c, new TestSSLEnginePair.Hooks() { 67301b7734160977458d44d1fb179984fd91672f08dKenny Root @Override 67401b7734160977458d44d1fb179984fd91672f08dKenny Root void beforeBeginHandshake(SSLEngine client, SSLEngine server) { 67501b7734160977458d44d1fb179984fd91672f08dKenny Root SSLParameters p = client.getSSLParameters(); 67601b7734160977458d44d1fb179984fd91672f08dKenny Root p.setEndpointIdentificationAlgorithm("HTTPS"); 67701b7734160977458d44d1fb179984fd91672f08dKenny Root client.setSSLParameters(p); 67801b7734160977458d44d1fb179984fd91672f08dKenny Root } 67901b7734160977458d44d1fb179984fd91672f08dKenny Root }); 68001b7734160977458d44d1fb179984fd91672f08dKenny Root assertConnected(p); 68101b7734160977458d44d1fb179984fd91672f08dKenny Root c.close(); 68201b7734160977458d44d1fb179984fd91672f08dKenny Root } 68301b7734160977458d44d1fb179984fd91672f08dKenny Root 6840c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom public void test_SSLEngine_getEnableSessionCreation() throws Exception { 6850c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom TestSSLContext c = TestSSLContext.create(); 686059dbc04218144f985b20a228bbe98139d400d0cBrian Carlstrom SSLEngine e = c.clientContext.createSSLEngine(); 6870c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom assertTrue(e.getEnableSessionCreation()); 688f7aab022dcbfcd8f27b409ab92b4bca4a84d0b8aBrian Carlstrom c.close(); 6897c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro TestSSLEnginePair.close(new SSLEngine[] { e }); 6900c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom } 6910c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom 6920c131a2ca38465b7d1df4eaee63ac73ce4d5986dBrian Carlstrom public void test_SSLEngine_setEnableSessionCreation_server() throws Exception { 6937c4f30cf50079df52bc4572688c7c9eed129a4bbSergio Giro TestSSLEnginePair p = null; 694a368cef707903c2adc7868ba48a95ccdac5f7625Kenny 
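// Remainder of the preceding test method, which begins above this excerpt; its code is unchanged.
        try {
            p = TestSSLEnginePair.create(new TestSSLEnginePair.Hooks() {
                @Override
                void beforeBeginHandshake(SSLEngine client, SSLEngine server) {
                    server.setEnableSessionCreation(false);
                }
            });
            // For some reason, the RI doesn't throw an SSLException.
            assertTrue(StandardNames.IS_RI);
            assertNotConnected(p);
        } catch (SSLException maybeExpected) {
            assertFalse(StandardNames.IS_RI);
        } finally {
            if (p != null) {
                p.close();
            }
        }
    }

    /**
     * Verifies that the handshake is rejected when the client engine has session
     * creation disabled before the handshake begins.
     *
     * <p>{@code TestSSLEnginePair.create} is expected to throw {@link SSLException};
     * if it returns normally the test fails.
     */
    public void test_SSLEngine_setEnableSessionCreation_client() throws Exception {
        TestSSLEnginePair p = null;
        try {
            p = TestSSLEnginePair.create(new TestSSLEnginePair.Hooks() {
                @Override
                void beforeBeginHandshake(SSLEngine client, SSLEngine server) {
                    client.setEnableSessionCreation(false);
                }
            });
            fail();
        } catch (SSLException expected) {
            // Expected: the pair could not be established.
        } finally {
            // p stays null when create() threw, so only close a pair that was built.
            if (p != null) {
                p.close();
            }
        }
    }

    /**
     * Verifies that {@code getSSLParameters()} returns a copy of the engine's enabled
     * cipher suites and protocols (equal contents, different array instances) and
     * mirrors the engine's client-auth flags.
     */
    public void test_SSLEngine_getSSLParameters() throws Exception {
        TestSSLContext c = TestSSLContext.create();
        try {
            SSLEngine e = c.clientContext.createSSLEngine();

            SSLParameters p = e.getSSLParameters();
            assertNotNull(p);

            // assertNotSame: callers must not be handed the engine's own array.
            String[] cipherSuites = p.getCipherSuites();
            assertNotSame(cipherSuites, e.getEnabledCipherSuites());
            assertEquals(Arrays.asList(cipherSuites), Arrays.asList(e.getEnabledCipherSuites()));

            String[] protocols = p.getProtocols();
            assertNotSame(protocols, e.getEnabledProtocols());
            assertEquals(Arrays.asList(protocols), Arrays.asList(e.getEnabledProtocols()));

            assertEquals(p.getWantClientAuth(), e.getWantClientAuth());
            assertEquals(p.getNeedClientAuth(), e.getNeedClientAuth());
        } finally {
            // Release the context even when an assertion above fails.
            c.close();
        }
    }

    /**
     * Verifies how {@code setSSLParameters()} applies cipher suites, protocols and
     * client-auth flags to an engine.
     *
     * <p>Three cases are covered: empty parameters leave the defaults in place,
     * explicit lists replace the enabled sets, and the need/want client-auth flags
     * only reach the engine when the parameters object is applied.
     */
    public void test_SSLEngine_setSSLParameters() throws Exception {
        TestSSLContext c = TestSSLContext.create();
        try {
            SSLEngine e = c.clientContext.createSSLEngine();
            String[] defaultCipherSuites = e.getEnabledCipherSuites();
            String[] defaultProtocols = e.getEnabledProtocols();
            String[] supportedCipherSuites = e.getSupportedCipherSuites();
            String[] supportedProtocols = e.getSupportedProtocols();

            {
                // Empty parameters must not clear or change the enabled defaults.
                SSLParameters p = new SSLParameters();
                e.setSSLParameters(p);
                assertEquals(Arrays.asList(defaultCipherSuites),
                             Arrays.asList(e.getEnabledCipherSuites()));
                assertEquals(Arrays.asList(defaultProtocols),
                             Arrays.asList(e.getEnabledProtocols()));
            }

            {
                // Enabling everything the engine supports exercises the setter only;
                // NOTE(review): the supported sets may be wider than the defaults, so this
                // is not a configuration to copy outside of tests.
                SSLParameters p = new SSLParameters(supportedCipherSuites,
                                                    supportedProtocols);
                e.setSSLParameters(p);
                assertEquals(Arrays.asList(supportedCipherSuites),
                             Arrays.asList(e.getEnabledCipherSuites()));
                assertEquals(Arrays.asList(supportedProtocols),
                             Arrays.asList(e.getEnabledProtocols()));
            }
            {
                SSLParameters p = new SSLParameters();

                // Changing p alone has no effect on the engine until it is applied.
                p.setNeedClientAuth(true);
                assertFalse(e.getNeedClientAuth());
                assertFalse(e.getWantClientAuth());
                e.setSSLParameters(p);
                assertTrue(e.getNeedClientAuth());
                assertFalse(e.getWantClientAuth());

                // Once applied, "want" replaces "need": the engine never reports both.
                p.setWantClientAuth(true);
                assertTrue(e.getNeedClientAuth());
                assertFalse(e.getWantClientAuth());
                e.setSSLParameters(p);
                assertFalse(e.getNeedClientAuth());
                assertTrue(e.getWantClientAuth());

                // Clearing "want" and applying leaves client auth fully off.
                p.setWantClientAuth(false);
                assertFalse(e.getNeedClientAuth());
                assertTrue(e.getWantClientAuth());
                e.setSSLParameters(p);
                assertFalse(e.getNeedClientAuth());
                assertFalse(e.getWantClientAuth());
            }
        } finally {
            // Release the context even when an assertion above fails.
            c.close();
        }
    }

    /**
     * Verifies that {@code TestSSLEnginePair.create(null)} yields a connected pair
     * with its context, server engine and client engine all populated.
     */
    public void test_TestSSLEnginePair_create() throws Exception {
        // try-with-resources closes the pair even when an assertion fails.
        try (TestSSLEnginePair test = TestSSLEnginePair.create(null)) {
            assertNotNull(test.c);
            assertNotNull(test.server);
            assertNotNull(test.client);
            assertConnected(test);
        }
    }

    /** Number of messages each side sends in the multi-threaded stress test. */
    private static final int NUM_STRESS_ITERATIONS = 1000;

    /**
     * Stress test: the client and server engines of one connected pair send messages
     * to each other from two threads at the same time.
     *
     * <p>Each task signals the start-up latch and then waits on it, so that neither
     * side begins sending before the other task is running. Failures inside a task
     * surface through {@code Future.get()}.
     */
    public void test_SSLEngine_Multiple_Thread_Success() throws Exception {
        try (final TestSSLEnginePair pair = TestSSLEnginePair.create()) {
            assertConnected(pair);

            final CountDownLatch startUpSync = new CountDownLatch(2);
            // Two threads for two tasks: both must run at once for await() to release.
            ExecutorService executor = Executors.newFixedThreadPool(2);
            Future<Void> client = executor.submit(new Callable<Void>() {
                @Override
                public Void call() throws Exception {
                    startUpSync.countDown();
                    // Wait for the peer task so the two send loops really overlap.
                    startUpSync.await();

                    for (int i = 0; i < NUM_STRESS_ITERATIONS; i++) {
                        assertSendsCorrectly("This is the client. Hello!".getBytes(UTF_8),
                                pair.client, pair.server, false);
                    }

                    return null;
                }
            });
            Future<Void> server = executor.submit(new Callable<Void>() {
                @Override
                public Void call() throws Exception {
                    startUpSync.countDown();
                    // Wait for the peer task so the two send loops really overlap.
                    startUpSync.await();

                    for (int i = 0; i < NUM_STRESS_ITERATIONS; i++) {
                        assertSendsCorrectly("This is the server. Hi!".getBytes(UTF_8),
                                pair.server, pair.client, false);
                    }

                    return null;
                }
            });
            executor.shutdown();
            try {
                client.get();
                server.get();
            } finally {
                // If one side failed, do not leave the other task running on the pool.
                executor.shutdownNow();
            }
        }
    }
}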